I have an internal network as follows:
Internet → Gateway (VPN, public-facing IP) → Server (192.168.2.1)
I also have a handful of Docker containers running on the server, each with their own macvlan IP address (ex: 192.168.2.9). I’m trying to understand how Caddy might be used as a reverse proxy to permit self-signed SSL for these containers without needing a domain name since this is all internal. So the goal is to enter an IP, and have the connection to the corresponding container be over HTTPS.
My current setup is as follows:
1. Caddy version (`caddy version`):
2.2.1
2. How I run Caddy:
Running in Docker on a Synology NAS (unix).
Caddy docker-compose
```yaml
version: '3'
services:
  caddy:
    image: caddy:latest
    volumes:
      - /volume1/docker/caddy/caddyfile:/etc/caddy/caddyfile
      - /volume1/docker/caddy/data:/data
      - /volume1/docker/caddy/config:/config
    ports:
      - 9999:9999
```
Caddyfile:
```
{
	default_sni 192.168.2.9
}
https://192.168.2.9:443 {
	reverse_proxy bitwarden:80
}
```
Docker container we want to secure (bitwarden):
```yaml
version: '3'
services:
  bitwarden:
    image: bitwardenrs/server
    container_name: bitwarden
    restart: unless-stopped
    volumes:
      - /volume1/docker/bitwarden:/data
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'true' # set to false to disable signups
    networks:
      macvlan_private:
        ipv4_address: 192.168.2.9
    hostname: bitwarden
networks:
  macvlan_private:
    external: true
```
However it looks like Caddy isn’t receiving the requests. What is wrong with the above configuration?
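A static check for this kind of setup, added here as an example and not part of the original post: it compares the ports the Caddyfile's site addresses bind with the container ports the compose file publishes, and checks that something is mounted at `/etc/caddy/Caddyfile`, the path the official caddy image's default command reads. The function names and the line-based parsing are assumptions of this example; the sample input is the posted configuration, trimmed to the relevant lines.

```python
import re

# Constructed sample input: the posted Caddyfile and the relevant Caddy compose lines.
CADDYFILE = """\
{
    default_sni 192.168.2.9
}
https://192.168.2.9:443 {
    reverse_proxy bitwarden:80
}
"""
COMPOSE = """\
services:
  caddy:
    volumes:
      - /volume1/docker/caddy/caddyfile:/etc/caddy/caddyfile
    ports:
      - 9999:9999
"""
# Config path read by the official caddy image's default command (case-sensitive).
DEFAULT_CONFIG = "/etc/caddy/Caddyfile"

def site_ports(caddyfile):
    """Ports Caddy binds, read from top-level site addresses."""
    ports = set()
    for line in caddyfile.splitlines():
        m = re.match(r"^(?:(https?)://)?([^\s{:]+)(?::(\d+))?\s*\{$", line)
        if m:  # indented directives and the bare "{" global block do not match
            port = m.group(3) or (80 if m.group(1) == "http" else 443)
            ports.add(int(port))
    return ports

def compose_pairs(compose, key):
    """(left, right) of each 'left:right' list item under the given key."""
    block = re.search(rf"^\s*{key}:\n((?:\s*-\s.*\n?)+)", compose, re.M)
    text = block.group(1) if block else ""
    items = re.findall(r"^\s*-\s*['\"]?([^\s'\"]+)", text, re.M)
    return [i.rpartition(":")[::2] for i in items]

def findings(caddyfile, compose):
    out = []
    published = {int(c.split("/")[0]) for _, c in compose_pairs(compose, "ports")}
    for p in sorted(site_ports(caddyfile) - published):
        out.append(f"site listens on {p} but no published port maps to it")
    if DEFAULT_CONFIG not in [t for _, t in compose_pairs(compose, "volumes")]:
        out.append(f"nothing is mounted at {DEFAULT_CONFIG}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(CADDYFILE, COMPOSE)))
```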